def get(self, request):
"""Returns all public diagrams"""
search = request.GET.get("search")
if search:
serializer = serializers.DiagramSerializer(
Diagram.objects.all().filter(
Q(is_public=True)
| reduce(operator.and_, (Q(description__icontains=x)
for x in search.split()))),
many=True)
else:
serializer = serializers.DiagramSerializer(
Diagram.objects.all().filter(is_public=True), many=True)
return Response(data=serializer.data, status=status.HTTP_200_OK)
def get(self, request, pk):
"""Return selected diagram of the authenticated user"""
diagram = self.get_object(pk, auth_user_only=True)
serializer = serializers.DiagramSerializer(diagram)
export_type = request.GET.get("export_type")
xml_data = serializer.data['diagram'][1:]
# TODO actually fix with https://stackoverflow.com/questions/35274068/rendering-xml-from-draw-io-as-an-image-using-mxcellrenderer
if export_type == "PNG":
img = Image.open(xml_data, formats=("XML", ))
transformed = img.save(img, format="PNG")
response = HttpResponse(transformed,
content_type='application/png')
if export_type == "PDF":
img = Image.open(xml_data, formats=("XML", ))
transformed = img.save(img, format="PDF")
response = HttpResponse(transformed,
content_type='application/pdf')
if export_type == "SVG":
img = Image.open(xml_data, formats=("XML", ))
transformed = img.save(img, format="SVG")
response = HttpResponse(transformed,
content_type='application/svg')
else:
response = HttpResponse(xml_data, content_type='application/xml')
# response['Content-Disposition'] = 'attachment; filename="%s"' % path.split('/')[-1]
return response
def get(self, request):
"""Return all diagrams of the current authenticated user only"""
search = request.GET.get("search")
if search:
serializer = serializers.DiagramSerializer(
Diagram.objects.all().filter(
Q(owner=self.request.user)
| reduce(operator.and_, (Q(description__icontains=x)
for x in search.split()))),
many=True)
else:
serializer = serializers.DiagramSerializer(
Diagram.objects.all().filter(owner=self.request.user),
many=True)
# print(serializer.data)
return Response(data=serializer.data, status=status.HTTP_200_OK)
def post(self, request):
"""Create new Diagram"""
serializer = serializers.DiagramSerializer(data=request.data)
diagramStat = DiagramStat.objects.create()
if serializer.is_valid():
serializer.save(owner=request.user, diagram_stat=diagramStat)
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def get(self, request):
"""Returns all private diagrams of a user"""
serializer = serializers.DiagramSerializer(
Diagram.objects.all().filter(
Q(is_public=False)
& Q(owner=request.user)),
many=True)
return Response(data=serializer.data, status=status.HTTP_200_OK)
def test_get_all_diagrams_shared(self):
""" Test GET diagram/shared gives all the diagrams shared with the current user """
self.client.force_authenticate(user=self.user_to_share_with)
self.diagram_pub1.reader.add(self.user_to_share_with)
res = self.client.get(reverse('diagram:shared-with-me'))
self.assertEqual(res.status_code, 200)
serializer = serializers.DiagramSerializer(data=res.data, many=isinstance(res.data, list))
serializer.is_valid()
if serializer.is_valid():
self.assertIn(self.diagram_pub1.name, serializer.data[0]['name'])
def put(self, request, pk):
"""Update diagram"""
diagram = self.get_object(pk)
serializer = serializers.DiagramSerializer(data=request.data)
if serializer.is_valid():
if not diagram.public:
os.remove(diagram.diagram.path)
diagram.delete()
serializer.save(owner=request.user)
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def get(self, request, pk):
"""Return selected diagram of the authenticated user"""
diagram = self.get_object(pk, auth_user_only=True)
serializer = serializers.DiagramSerializer(diagram)
export_type = request.GET.get("export_type")
xml_data = serializer.data['diagram']
response = HttpResponse(xml_data, content_type='application/xml')
# response['Content-Disposition'] = 'attachment; filename="%s"' % path.split('/')[-1]
return response
def test_get_all_public(self):
""" Test that GET diagram/public/list gives all the public diagrams currently stored"""
res = self.client.get(self.PUBLIC_DIAG_URL)
self.assertEqual(res.status_code, 200)
# print(res.content.decode('utf-8'))
serializer = serializers.DiagramSerializer(data=res.data, many=isinstance(res.data, list))
serializer.is_valid()
# print(serializer.errors)
if serializer.is_valid():
for diag in serializer.data:
self.assertIn('pub', diag['name'])
self.assertEqual(True, diag['is_public'])
def test_get_all_private_diag(self):
""" Test GET diagram/private/list gives all the private diagram of current user"""
res = self.client.get(self.ALL_MY_PRIVATE_DIAGS)
self.assertEqual(res.status_code, 200)
# print(res.content.decode('utf-8'))
serializer = serializers.DiagramSerializer(data=res.data, many=isinstance(res.data, list))
serializer.is_valid()
# print(serializer.errors)
if serializer.is_valid():
for diag in serializer.data:
# print(diag)
self.assertIn('private', diag['name'])
self.assertEqual(False, diag['is_public'])
def test_get_all_diags_of_user(self):
""" Test GET diagram/private gives all the diagrams of the current user"""
res = self.client.get(self.ALL_USER_DIAG)
self.assertEqual(res.status_code, 200)
# print(res.content.decode('utf-8'))
serializer = serializers.DiagramSerializer(data=res.data, many=isinstance(res.data, list))
serializer.is_valid()
# print(serializer.errors)
diagramCount = 0
if serializer.is_valid():
for diag in serializer.data:
self.assertIn('test', diag['name'])
# print(diag)
diagramCount += 1
# print(f"Number of diagrams stored, expected 3 got {diagramCount}")
self.assertEqual(3, diagramCount)
def put(self, request, pk):
"""Update diagram"""
diagramModel = Diagram.objects.get(pk=pk)
# Checks that the current user as the rights to update specified diagram
serializer = serializers.DiagramSerializer(data=request.data)
if serializer.is_valid():
# print(diagramModel.owner.username)
# print(request.user.username)
diagram_xml = request.data['diagram']
no_script_xml = noScriptTagsInXML(diagram_xml)
try:
# Checks that the diagram sent is properly built
diagram = defusedxml.minidom.parseString(no_script_xml)
root = diagram.documentElement.firstChild
allMxCell = root.getElementsByTagName('mxCell')
except (AttributeError, TypeError):
return Response(status=status.HTTP_400_BAD_REQUEST)
if diagramModel.owner.email != self.request.user.email:
if diagramModel.is_public:
# If current user isn't the owner of the diagram,
# then he can only create a new private diagram from the public one
serializer.save(
owner=request.user,
is_public=False,
lastTimeSpent=request.data['lastTimeSpent'],
diagram=no_script_xml)
return Response(serializer.data,
status=status.HTTP_201_CREATED)
if self.request.user not in diagramModel.writer.all():
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
# In bellow case we either are the owner, or we have writer rights over the diagram
# Hence we can modify it
with reversion.create_revision():
diagramModel.lastTimeSpent = float(
request.data['lastTimeSpent'])
diagramModel.name = str(request.data['name'])
diagramModel.diagram = no_script_xml
diagramModel.is_public = request.data['is_public']
if request.data['tags'] != "\"\"":
diagramModel.tags.set(request.data['tags'])
diagramModel.preview = request.data['preview']
diagramModel.save()
reversion.set_date_created(timezone.now())
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def get(self, request):
"""Return all the diagrams shared with current authenticated user"""
diags_as_reader = Diagram.objects.all().filter(
reader__email__contains=self.request.user.email)
diags_as_writer = Diagram.objects.all().filter(
writer__email__contains=self.request.user.email)
all_diags = diags_as_writer.union(diags_as_reader)
serializer = serializers.DiagramSerializer(all_diags, many=True)
resp_datas = serializer.data
# print(resp_datas)
for diag_serialized in resp_datas:
diag = Diagram.objects.get(pk=diag_serialized['id'])
# print(diag)
diag_is_risk_shared = diag.isRiskComputationShared
# print(diag_is_risk_shared)
is_risk_shared_dict = json.loads(diag_is_risk_shared)
if is_risk_shared_dict != {}:
value = is_risk_shared_dict[self.request.user.email]
diag_serialized['isRiskShared'] = value
return Response(data=resp_datas, status=status.HTTP_200_OK)
def post(self, request):
"""Create new Diagram"""
# request_img = request.data['preview']
serializer = serializers.DiagramSerializer(data=request.data)
if serializer.is_valid():
diagram_xml = request.data['diagram']
no_script_xml = noScriptTagsInXML(diagram_xml)
try:
# Checks that the diagram sent is properly built
diagram = defusedxml.minidom.parseString(no_script_xml)
root = diagram.documentElement.firstChild
allMxCell = root.getElementsByTagName('mxCell')
except (AttributeError, TypeError):
return Response(status=status.HTTP_400_BAD_REQUEST)
# Checks against XSS
with reversion.create_revision():
serializer.save(owner=request.user,
lastTimeSpent=request.data['lastTimeSpent'],
diagram=no_script_xml)
reversion.set_date_created(timezone.now())
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def get(self, request):
"""Return diagrams of the current authenticated user only"""
serializer = serializers.DiagramSerializer(
Diagram.objects.all().filter(owner=self.request.user), many=True)
return Response(data=serializer.data, status=status.HTTP_200_OK)
def get(self, request):
"""Returns all public diagrams"""
serializer = serializers.DiagramSerializer(
Diagram.objects.all().filter(public=True), many=True)
return Response(data=serializer.data, status=status.HTTP_200_OK)